From 2fbe24895bc621cb2ff1b9898c010eec288545f6 Mon Sep 17 00:00:00 2001
From: Paul Eggert <eggert@cs.ucla.edu>
Date: Thu, 25 Jul 2019 14:29:22 -0700
Subject: [PATCH] Don't crash when parsing bad SVG data

Derived from a patch by Pip Cet (Bug#36773#47).
* src/image.c (svg_load_image): Work around librsvg 2.40.13 bug.
---
 src/image.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/image.c b/src/image.c
index 355c849491..8cab860085 100644
--- a/src/image.c
+++ b/src/image.c
@@ -9530,10 +9530,13 @@ svg_load_image (struct frame *f, struct image *img, char *contents,
   if (base_file)
     g_object_unref (base_file);
   g_object_unref (input_stream);
-  if (err) goto rsvg_error;
+
+  /* Check rsvg_handle too, to avoid librsvg 2.40.13 bug (Bug#36773#26).  */
+  if (!rsvg_handle || err) goto rsvg_error;
 #else
   /* Make a handle to a new rsvg object.  */
   rsvg_handle = rsvg_handle_new ();
+  eassume (rsvg_handle);
 
   /* Set base_uri for properly handling referenced images (via 'href').
      See rsvg bug 596114 - "image refs are relative to curdir, not .svg file"
@@ -9654,7 +9657,8 @@ svg_load_image (struct frame *f, struct image *img, char *contents,
   return 1;
 
  rsvg_error:
-  g_object_unref (rsvg_handle);
+  if (rsvg_handle)
+    g_object_unref (rsvg_handle);
   /* FIXME: Use error->message so the user knows what is the actual
      problem with the image.  */
   image_error ("Error parsing SVG image `%s'", img->spec);
-- 
2.17.1